Target Audience

Prerequisites

Keen desire to properly learn about software development methodologies and best practices.

Structure

The work is comprised of three (3) Sections and 20 Chapters, a short Note from the Author, Contents, a Preface, and a well-defined Index, comprising a total of 376 footnoted pages. The footnotes include references to additional reading.

The author does not include a much-needed dedicated Glossary if the work is to embrace a wide audience of professionals and most importantly the beginner student, even though he does provide an integrated version within the Index.

Illustrations and Figures

The topics and concepts are well illustrated.

Companion Content

No readily available companion content.

Reviewer | Blogger Comments

Review Title

Engineering for Success… Beating the 30% Odds

This manuscript is comprehensive, detailed, well organized, and easy to follow and is an important contribution to the software manufacturing industry.

The content is organized around three major topics following the SWEBoK Key Process Areas methods as depicted in Table 2 presented in the Preface:

SWEBoK Key Process Areas

Fundamentals

Practices

Application

Knowledge areas such as:

Requirements

Design

Construction

Testing

Configuration

Management

Process

Methods

Quality

Each Knowledge area is treated within respective Sections in various chapters, e.g., Design is addressed in Section 1, Chapters 3, 6 and Section 2 Chapters 10… 14 etc.

Richard Schmidt addresses the topic of Security thoroughly all throughout the book beginning with SECTION 2 SOFTWARE ENGINEERING PRACTICES but to my surprise, not as a knowledge area given the current insurmountably persistent data breach and violation of privacy events due to poorly written software, among other culprits. I was expecting Schmidt to stress Security in SECTION 1 SOFTWARE ENGINEERING FUNDAMENTALS.

Schmidt attributes the lack of success in software engineering to the “almost complete misconception of what a software product design is and how to develop a complete design description. The second symptom involves the lack of a standard set of software engineering principles and practices.”

I attribute the primary culprit to be the human condition and its lack of self-discipline, then misconceptions and lack of standards.

An important and complex subject matter such as the concepts, methodologies, and standards of software engineering discipline and requirements needs to be addressed from many perspectives, especially in a contemporary scenario where Engineering Teams are comprised of members from all walks of life, academic backgrounds, and gene pools. This means that their natural linguistics ideology can widely differ and this impacts how the product is engineered, i.e., look and feel, functions and features, how security is implemented in the product, etc. all are dependent on the innate cultural and social ideologies of the code writers, engineers, designers, and architects, in this order of precedence.

Therefore, the importance of works of this genre is imperative, and how this complex discipline is treated when it is presented as a learning tool needs to be presented from many perspectives, as does our author.

It is important to note that while the work is well organized and elegantly presented, the Contents guide in the eBook is not hyperlinked to the destination chapters. However, the author does present an introduction to each Section and a Chapter outline and introduction in the beginning of each chapter. While I very much found useful the fact that he enumerated key concepts in the beginning of each chapter, it was distracting to me not to be able to navigate the eBook expediently through a hyperlinked Contents/Topics guide. I had to resort to scrolling through and/or performing queries in order to review a chapter or segment within chapters.

Nevertheless, I did find useful that in his Preface he instantiated hyperlinks to tables within the preface. I recommend the reader to pay close attention to this preface since in it Richard Schmidt presents an architectural synopsis of the work, aligned with the Software Engineering Body of Knowledge (SWEBoK) in the form of tables. In addition, he presents a summary of the Sections and the corresponding chapters.

About the Author

TBP

Quotes

If you have read this manuscript and have some opinion, comments, or praise about this work, please let me know. Your quotes will be published with full billing.

Prerequisites

Book Structure

This structure is highly comprehensive and enticing for beginners and experienced professionals alike. I can see that both Karl Wiegers and Joy Beatty have an in-depth command of the subject matter and thus could present it from top to bottom, edge to center and vice versa.

Illustrations and Figures

In addition to outstanding illustrations, the authors provide supporting use cases and case studies.

Companion Content

Templates | Check Lists | Spreadsheets | Other Job Aids

Reviewer | Blogger Comments

As technological advances continue to evolve, so does the need for software development methodologies. Likewise, as re-architected socio-economic strategies emerge, the need for adaptive business models and analytic methodologies must follow suit.

If you have read the prior two editions of "Software Requirements" and have found them to expand your subject matter knowledge base, you will want to incorporate this expanded third edition into your reference library. I recommend reading this work individually then reviewing and discussing each chapter as a team prior to commencing any software development project. I personally recommend centering all team discussions from a security and compliance stance.

The third edition is informative and because they build powerful illustrated instructional arguments, the authors make it easy to understand and retain the concepts and methodologies presented. Additionally, I like their conversational literary style. I feel as if the authors are addressing me personally.

The text is well indexed and I particularly like how the authors reference associated concepts and definitions between chapters.

About the Authors

Karl Wiegers - @karlwiegers

Karl Wiegers is a software consultant, trainer, and an award-winning author of eight books and a repertoire of articles. He has provided training and consulting services worldwide on many aspects of software development, management, and process improvement.

Joy Beatty - @joybeatty

Joy Beatty has co-authored important works that address the realm of business analysis and agile software requirements. As a subject matter expert Beatty has guided major organizations in the building of business analysis centers of excellence.

Beatty has worked with numerous Fortune 500 companies spanning the semi-conductor, computer manufacturing, defense, and retail industries. She is responsible for developing new service offerings that change the way their customers create requirements. She has also adapted ideas from using games in training to create courses on topics including requirements best practices, elicitation and visual models and delivered training to over 700 individuals in industry.

Sunday, June 23, 2013

Metasploit

The Penetration Tester’s Guide

Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni

Publisher: O’Reilly Media, Inc.

Reviewer/Blogger: Virginia Benedict

Target Audience: This Guide offers a wealth of information to both the novice as Tutorial and the experienced as Reference. For starters, the Novice will learn relevant steps on how to get started, and the Experienced will benefit from the discussions on Methodology. Program Managers and Stake Holders will benefit from a manager’s perspective.

Chapters: Seventeen Chapters extensively indexed and a Cheat Sheet referencing important commands with syntax commonly used within Metasploit’s various interfaces and utilities.

A guide such as this is best produced by an extensive collaborative effort of experienced professionals. It is especially valuable when the related community of information security experienced professionals has had direct or indirect input into the final product, as with this outstanding effort.

Once the authors have taken the reader through the absolute basics of Penetration Testing, then they introduce the basics of Metasploit, arming the novice with the necessary knowledgebase to move into the intelligence gathering processes while teaching you the various commands and tools.

I found their discussion on the risks and responsibilities of the Tester very poignant.

I recommend that, since the Metasploit Framework is large and complex, requiring an array of innate and learned skill sets, the novice reader first study the organizational framework of this guide. In other words, become familiar with the flow of the work by creating an inventory of the various learning points.

As with any learning process, I always recommend that the “student” begin by fully understanding their learning style(s). Be aware that you, as many of us do, may have different learning styles and combinations thereof for different learning requirements. As a reader in this case, you might have a couple of learning styles, which you might apply in perspective. By studying the method(s) used by the authors hereby to present the information and processes, you will gain the ability to understand and retain the knowledge presented.

About the Authors

Mati Aharoni

Mati (muts) is a network security professional, currently working with various Military and Government agencies. His day-to-day work involves vulnerability research, exploit development and whitebox / blackbox Penetration Testing. In addition, he is the lead trainer in the “Offensive Security” courses, which focus on attacker tools and methodologies. Mati has been training security and hacking courses for over 14 years and is actively involved in the security arena, and is the core developer of Kali Linux.

Devon Kearns

Devon Kearns (dookie2000ca) is a former Communications Technician and IS Security Analyst with over 15 years of formal IT experience, but his true passion lies in the field of information security, most notably in the realm of software exploitation and bug hunting. This fascination with vulnerabilities has led Devon to being the lead administrator of the Exploit Database, a co-author of the free online Metasploit Unleashed training course, and a Kali Linux developer.

Jim O'Gorman

Jim (Elwood) is a professional penetration tester, an instructor at Offensive Security, and manages Offensive Security’s consulting services. Jim has lived online from the times of BBS’s, to FidoNet, to when SLIP connections were the new hotness. Jim spends time on both network intrusion simulation as well as digital investigations and malware analysis. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

David Kennedy

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, Defcon, ShmooCon, Security B-Sides, and more.

Tuesday, December 11, 2012

Seamless Unified Collaboration with Office 365/SharePoint

Whether you wish to implement intranets, extranets, or public collaborative platforms, Office 365/SharePoint is undoubtedly the suite of tools of choice. It is elegantly engineered for ease of use, with an intuitive learning curve for both IT and users alike, especially since all of the familiar features and functionalities of Windows and MS Office are brought forward with enhancements.

On the back end, it offers Data Center Network Capacity, File Storage, Full Server Support, Award Winning Service Help Desk and World Class Training and Demos Microsoft’s standard of quality.

The most important concern of all is fully addressed by Microsoft’s State-of-the-Art Security, Back-up, and Recovery Technology ensuring privacy and data reliability, integrity, and high availability. With Single-Sign-On (SSO) the user has seamless authentication and ready access with the appropriate rights management.

Integrated with Microsoft SharePoint, you can sync your teams for easy collaboration using Office Outlook to manage schedules, contacts, and mail. You seamlessly customize a dedicated intranet Team Site to publish/archive documents, calendar of events, create exchange through collaborative camaraderie and much more.

The Team sites as well as the public website can be designed/customized with SharePoint Designer. This outstanding tool is installed locally on the desktop or mobile workstation for taking advantage of powerful features.

ADMIN DASHBOARD

Fig. 1 - This is the Dash Board (Control Panel) of the Account Owner/Administrator (AO/A). To familiarize yourself with the powerful tools integrated into the Office 365 with SharePoint, I recommend that the AO/Admin open a VISIO stencil and begin to create the first layer of your project using the features and functionalities that you are planning to deploy. I would include start and completion projected dates.

SETUP OVERVIEW

Fig. 2 - It is important that you use layers so that each Specialist and/or team responsible for integrating the chosen services can easily follow the desired design and configuration standards.

Figs. 3 - 4 - Using the items on the Setup Overview, the AO/A can begin to create a custom plan for the roll out. Using the Custom Plan Pilot guide you can track it using MS Project integrated with VISIO interactive visuals.

CUSTOM PLAN TRACKER

Figs. 5-6 - Each Task can be represented in VISIO as a layer detailing the steps to be taken and linking them to MS Project.

INTEGRATED DATABASES

Fig. 7 - As you can see, you have everything readily available including outstanding self-help support with dynamic context specific streaming demos, award winning community assistance and/or options to hire a Microsoft Certified Specialist.

HOME

Users' Dashboard

Fig. 8 - This is your licensed users’ dashboard. If you notice, on the right the user will find all of the readily available Self-Help Resources as well as Community Resources and Blogs.

TEAM SITES

Each department can deploy Departmental level Team Sites, and each Project/Program Manager can customize their own projects team sites.

Fig. 9 - This is using the default layout that is readily customizable.

Fig. 10 - …and with a couple of clicks and drag-and-drops, I turned it into this.

Your Team Sites can be edited with SharePoint Designer, which helps you seamlessly create or edit lists, pages, workflows, and adjust settings.

You may also edit Team Site on the fly using WYSIWYG and drag/drop.

Full integration with Office Project, Visio, Access, and the complete Office 2010 suite of applications and tools. This is ultimately important because this makes managing your teams a seamless affair through live and passive interactive collaboration.

VANITY DOMAINS

This is the optional vanity domain public site. The integration of a public domain is seamless and painless: whether you have an existing domain or you need to purchase a new domain, Office 365/SharePoint carries you through the steps using easy to follow wizards or with phone support.

Fig. 11 - Sample Enterprise Domain simply using the WYSIWYG available web parts. Not one single line of code was written.

Please Note: This is a high-level overview just to present a quick and dirty sampling of what Office 365/SharePoint Online Services has to offer to any size business, from Enterprise to Medium Businesses or SOHO Entrepreneurs.

If you have any questions or constructive feedback, feel free to contact me.

Thursday, November 22, 2012

The Value of a TechNet Subscription...

If you consider yourself a serious IT Professional, a TechNet subscription is simply indispensable. I know that I cannot do without it for more reasons than I can think of. When I think of Continuing Education & Training, to prepare for critical issues and plan for future deployments, when I am in the middle of an IT project, double checking knowledgebase for specific how-to or tips & tricks, when I need to get updated on security trends, on and on…

Because a TechNet subscription allows me to download full versions of pre-release tools and software for testing and evaluation purposes, I can hone in and polish the skills I need to readily provide best of class technical support services, implementations, and prepare for seamless migrations.

The subscription level I recommend is the TechNet Professional with Media. TechNet provides the subscriber with an on-line Portal. However, having the media will travel, especially when you are on-site and might not have ready access to broadband.

The following are just some of the benefits included in the Professional with Media version:

1. Exclusive Secure Portal Access from which you can manage your Subscription and efficiently access your benefits in one place

2. Usage Scenarios: supports the trial scenarios most utilized by IT Pros during the software evaluation process

TechNet also offers Volume Subscriptions. Microsoft Volume Licensing programs are designed to meet the needs of a business and offer customized packages to suit the size and purchasing preference of a company.